
Evasive malware reaches record levels - WatchGuard report

25 Mar 2020

WatchGuard’s most recent Internet Security Report indicates that malware cases are surging again, with ‘evasive’ malware reaching record levels.

According to the data, collected from WatchGuard’s Firebox security appliances over Q4 2019, evasive malware accounted for two thirds of all detections – a massive jump from the 2019 average of 35%.

“Q4 2019 saw an explosion in zero day malware (which is malware that signature-based protections missed during the first few days or weeks of its release) reaching an all-time high of 68% of total detected malware. This is up from the approximate 37% average of 2018 and 2019, making Q4 2019 the worst malware quarter on our books,” the report says.

WatchGuard suggests that evasive malware is now becoming the norm rather than the exception, which means organisations that need to protect themselves must deploy even more advanced anti-malware solutions.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” says WatchGuard’s chief technology officer Corey Nachreiner.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

The report also notes that phishing campaigns and malware are still exploiting old software vulnerabilities. A ‘dropper’ exploit ranked number seven on WatchGuard’s top malware list targets a Microsoft Excel vulnerability from 2017. It downloads malware including the Agent Tesla keylogger. The dropper heavily targeted the United Kingdom, Germany, and New Zealand.

The report also found that hackers are opting for automated malware distribution: many attacks hit 70-80% of all Fireboxes in a single country, which WatchGuard states could be explained by automation.

SQL injection attacks became the top network attack in 2019, the report says. SQL injection attacks grew % in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.

Mac adware also became more popular in Q4. WatchGuard explains that one of the top compromised websites WatchGuard detected in hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with a Malwarebytes report from February 2020 that showed a rise in Mac malware, particularly adware.

In Q4 2019 Firebox appliances blocked over 34,500,000 malware variants in total (859.5 samples per device) and approximately 1,879,000 network attacks (47 attacks per device).
